Date: Sun, 12 Dec 2004 17:29:06 -0000
From: "Chris Roos" <chris@seagul.co.uk>
To: <freebsd-newbies@freebsd.org>
Subject: Syslog remote logging problems
Message-ID: <NCBBLFEPMMFHJCFNNAIJCEHHEJAA.chris@seagul.co.uk>
Hi,

I have spent quite some time today trying to get my Netgear DG834 ADSL Router to log its syslog messages to syslogd running on FreeBSD 5.3R.

The first step was to check that the syslog messages were arriving at the FreeBSD box by using tcpdump with a filter for udp packets. This confirmed that the packets were being 'seen' by the FreeBSD box.

The next step was to set up a rule in syslog.conf to log all data from the router to /var/log/router.log. This is where the first problems appeared. Initially, I added the following to the end of syslog.conf:

    +router
    *.* /var/log/router.log

As this entry was below the program entries for ppp and startslip, and having read the man pages, I gather that syslog was now set up to log from router only entries matching the above programs (due to the cascading nature of the syslog.conf rules). I moved the router definition to above the program entries and verified that the log file was being populated.

I read in the man pages that to cancel a program or hostname rule within the syslog.conf file use '*', however I have not been able to get this to work correctly. I have tried the following at the end of the file (before moving the router definition to above the ppp and startslip program entries to enable it to work correctly) with no success.

    *
    +router
    *.* /var/log/router.log

and

    *+router
    *.* /var/log/router.log

I would like to know the correct format of this so that I can be sure that I am logging everything I should be.

In addition to the above, I am having problems starting the syslogd daemon using the -a flag. If I try to start syslogd with any of the following options, I do not get the remote logs from router (IP address 192.168.3.20):

    -a 192.168.3.20
    -a 192.168.3.20/16
    -a 192.168.3.20/255.255.255.0
    -a 192.168.3.20:'*'
    -a 192.168.3.20/16:'*'
    -a 192.168.3.20/255.255.255.0:'*'

I am currently running syslogd with no parameters which allows me to log from the remote host correctly but I would much prefer if I could allow only the remote host that I want to log from.

Any help on either of these points would be greatly appreciated.

Chris
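Added example, not part of the original message: a simplified Python model of the program/host block scoping documented in syslog.conf(5), showing why a rule appended after "!ppp" inherits that program filter and how "!*" and "+*" reset the blocks. The function name effective_rules and both sample configurations are constructed for illustration; this is not syslogd's own parser.

```python
# Simplified model of syslog.conf block scoping, written from syslog.conf(5).
# It ignores "+@" and comma-separated names, and is not syslogd's parser.

def effective_rules(conf_text):
    """Return (program, host, selector, action) for every rule line."""
    prog, host = "*", "*"              # "*" means no filter is active
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # "#!prog", "#+host" and "#-host" are also block markers
            if line[1:2] not in ("!", "+", "-"):
                continue               # ordinary comment
            line = line[1:]
        if line[0] == "!":             # program block; "!*" resets it
            name = line[1:].strip()
            prog = "*" if name in ("", "*") else name
            continue
        if line[0] in "+-":            # host block; "+*" resets it
            name = line[1:].strip()
            host = "*" if name in ("", "*") else line[0] + name
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:            # selector and action; skip anything else
            rules.append((prog, host, parts[0], parts[1]))
    return rules

# Constructed sample: router block appended below the program blocks.
APPENDED_AT_END = """\
*.err;kern.warning /dev/console
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log
+router
*.* /var/log/router.log
"""

# Constructed sample: same file with the program block reset first.
WITH_RESET = APPENDED_AT_END.replace("+router", "!*\n+router") + "+*\n"

if __name__ == "__main__":
    for name, conf in (("appended", APPENDED_AT_END), ("reset", WITH_RESET)):
        print(name, effective_rules(conf)[-1])
```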